Trying to set up Matrix server with Ansible playbook, failing at Let's Encrypt stage

I am trying to set up a Matrix server using GitHub - spantaleev/matrix-docker-ansible-deploy: Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker

I've tried on both Google Cloud and Amazon EC2 VMs, using various flavors of Linux.

My DNS is managed via Dreamhost, where my domain ___.com already has a Let's Encrypt certificate. I've added DNS records (A and CNAME) for matrix.___.com and element.___.com and so forth as described at matrix-docker-ansible-deploy/configuring-dns.md at master · spantaleev/matrix-docker-ansible-deploy · GitHub

But the playbook keeps failing with this:

TASK [matrix-nginx-proxy : Attempt initial SSL certificate retrieval with standalone authenticator (directly)] *****************************************************************
fatal: [matrix.___.com]: FAILED! => changed=true
  cmd: /usr/bin/env docker run --rm --name=matrix-certbot --user=999:1001 --cap-drop=ALL -p 80:8080 --mount type=bind,src=/matrix/ssl/config,dst=/etc/letsencrypt --mount type=bind,src=/matrix/ssl/log,dst=/var/log/letsencrypt docker.io/certbot/certbot:amd64-v1.21.0 certonly --non-interactive --work-dir=/tmp --http-01-port 8080   --standalone --preferred-challenges http --agree-tos --email=zeev@___.com -d ___.com
  delta: '0:00:06.532211'
  end: '2022-01-05 20:30:20.536485'
  msg: non-zero return code
  rc: 1
  start: '2022-01-05 20:30:14.004274'
  stderr: |-
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Some challenges have failed.
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
  stderr_lines: <omitted>
  stdout: |-
    Requesting a certificate for ___.com

    Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
      Domain: ___.com
      Type:   unauthorized
      Detail: Invalid response from https://www.___.com/.well-known/acme-challenge/Sdwfd5MKLbvjpNQQBUMAVfy10FavlhghJ4B9-urzZ9c [2606:4700:3033::6815:39b7]: "<!DOCTYPE html>\n<html class=\"no-touch\" lang=\"en-US\" xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n<meta http-equiv=\"Content-Type\""

    Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 8080. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
  stdout_lines: <omitted>
...ignoring

TASK [matrix-nginx-proxy : Attempt initial SSL certificate retrieval with standalone authenticator (via proxy)] ****************************************************************
fatal: [matrix.___.com]: FAILED! => changed=true
  cmd: /usr/bin/env docker run --rm --name=matrix-certbot --user=999:1001 --cap-drop=ALL -p 127.0.0.1:2402:8080 --network=matrix --mount type=bind,src=/matrix/ssl/config,dst=/etc/letsencrypt --mount type=bind,src=/matrix/ssl/log,dst=/var/log/letsencrypt docker.io/certbot/certbot:amd64-v1.21.0 certonly --non-interactive --work-dir=/tmp --http-01-port 8080   --standalone --preferred-challenges http --agree-tos --email=zeev@___.com -d ___.com
  delta: '0:00:11.807192'
  end: '2022-01-05 20:30:34.053931'
  msg: non-zero return code
  rc: 1
  start: '2022-01-05 20:30:22.246739'
  stderr: |-
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Some challenges have failed.
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
  stderr_lines: <omitted>
  stdout: |-
    Requesting a certificate for ___.com

    Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
      Domain: ___.com
      Type:   unauthorized
      Detail: Invalid response from https://www.___.com/.well-known/acme-challenge/dgFBTKTOdA7YQHfYg1TFNirmp1hsXTwyyvX65GTeKt8 [2606:4700:3033::6815:39b7]: "<!DOCTYPE html>\n<html class=\"no-touch\" lang=\"en-US\" xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n<meta http-equiv=\"Content-Type\""

    Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 8080. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
  stdout_lines: <omitted>
...ignoring

Finally it shows:

TASK [matrix-nginx-proxy : Fail if all SSL certificate retrieval attempts failed] **********************************************************************************************
fatal: [matrix.___.com]: FAILED! => changed=false
  msg: |-
    Failed to obtain a certificate directly (by listening on port 80)
    and also failed to obtain by relying on the server at port 80 to proxy the request.
    See above for details.
    You may wish to set up proxying of /.well-known/acme-challenge to 2402 or,
    more easily, stop the server on port 80 while this playbook runs.

Hi @d0g and welcome to the LE community forum :slight_smile:

LE prefers IPv6 over IPv4 (when present).
Ensure that your site is accessible via both.
OR
Remove the AAAA address from your domain name(s).

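The reply's advice, turned into a pre-flight check you can run before re-running the playbook. This is an added example, not code from the thread, from certbot or from the matrix-docker-ansible-deploy project. It resolves both the AAAA and A records of a name, fetches the challenge path from each published address in the order the reply describes (IPv6 first), and reports whether each address returned the token, nothing, or something else, which is what the `Detail:` lines in the output show: the response came back from an IPv6 address (`[2606:4700:...]`) and was an HTML page rather than the token. The function names (`resolve_addresses`, `validation_order`, `probe`, `evaluate`), the hostname, the token and the addresses used in `demo()` are all constructed for the example.

```python
"""
Pre-flight check for an ACME HTTP-01 challenge, following the reply's point:
Let's Encrypt prefers IPv6 (AAAA) over IPv4 (A) when both are published, so
the token has to be served correctly on every address the name resolves to.

Added example, not code from the thread, certbot or the playbook.  The
hostname, token and addresses in demo() are constructed; resolve_addresses()
and probe() do real DNS and HTTP when pointed at a host you control.
"""
import socket
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Optional

ACME_PATH = "/.well-known/acme-challenge/"


@dataclass
class Probe:
    family: str            # "AAAA" (IPv6) or "A" (IPv4)
    address: str
    status: Optional[int]  # HTTP status, or None when no connection could be made
    body: str              # start of the response body


def resolve_addresses(hostname: str) -> dict:
    """Return {"AAAA": [...], "A": [...]} using the system resolver."""
    out = {"AAAA": [], "A": []}
    for fam, key in ((socket.AF_INET6, "AAAA"), (socket.AF_INET, "A")):
        try:
            for info in socket.getaddrinfo(hostname, 80, fam, socket.SOCK_STREAM):
                if info[4][0] not in out[key]:
                    out[key].append(info[4][0])
        except socket.gaierror:
            pass                         # no record of this type published
    return out


def validation_order(records: dict) -> list:
    """Addresses in the order the reply says the CA prefers them: AAAA first, then A."""
    return [("AAAA", a) for a in records.get("AAAA", [])] + \
           [("A", a) for a in records.get("A", [])]


def probe(hostname: str, family: str, address: str, token: str, timeout=10) -> Probe:
    """Fetch the challenge URL from one specific address, sending the real Host
    header so a shared front end routes it the way the CA's request is routed.
    Redirects are followed, as the CA follows them (see the www redirect above)."""
    host_literal = f"[{address}]" if family == "AAAA" else address
    url = f"http://{host_literal}{ACME_PATH}{token}"
    req = urllib.request.Request(url, headers={"Host": hostname})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return Probe(family, address, resp.status,
                         resp.read(200).decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return Probe(family, address, e.code, e.read(200).decode("utf-8", "replace"))
    except (urllib.error.URLError, OSError):
        return Probe(family, address, None, "")


def evaluate(token: str, probes: list) -> dict:
    """Classify each probe and map the pattern onto the two options in the reply."""
    findings = {"ok": [], "unreachable": [], "wrong_content": []}
    for p in probes:
        label = p.family + " " + p.address
        if p.status is None:
            findings["unreachable"].append(label)
        elif p.status == 200 and p.body.strip() == token:
            findings["ok"].append(label)
        else:                            # e.g. an HTML page from another server
            findings["wrong_content"].append(label)
    bad = findings["unreachable"] + findings["wrong_content"]
    v6_bad = [x for x in bad if x.startswith("AAAA")]
    v4_ok = [x for x in findings["ok"] if x.startswith("A ")]
    if not bad:
        findings["advice"] = "all published addresses serve the token; HTTP-01 should pass"
    elif v6_bad and v4_ok:
        findings["advice"] = ("IPv4 serves the token but IPv6 does not: make the challenge "
                              "path reachable over IPv6 as well, or remove the AAAA record")
    else:
        findings["advice"] = "fix the listed addresses before retrying the playbook"
    return findings


def demo() -> dict:
    """Constructed probes mirroring the playbook output: the IPv6 address answered
    with a web page instead of the token (addresses and token are made up)."""
    token = "EXAMPLE_TOKEN_constructed"
    probes = [
        Probe("AAAA", "2001:db8::1", 200, "<!DOCTYPE html>\n<html lang=\"en-US\">..."),
        Probe("A", "192.0.2.10", 200, token),
    ]
    return evaluate(token, probes)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:               # acme_preflight.py matrix.example.com <token>
        host, token = sys.argv[1:3]
        order = validation_order(resolve_addresses(host))
        results = [probe(host, fam, addr, token) for fam, addr in order]
        findings = evaluate(token, results)
    else:
        findings = demo()
    for key, value in findings.items():
        print(f"{key}: {value}")
```

To run it against a real name, first place a file whose name is the token (and whose content is the same token) under `/.well-known/acme-challenge/` on the web server that answers port 80 for that name; on the playbook host that port is what certbot's standalone listener is mapped to (`-p 80:8080` in the task output), so the check is most useful against the server that is normally listening on 80. An address that comes back as `wrong_content` with HTML in the body is the situation in the `Detail:` lines above: some other server answers on that address, so the CA never sees the token.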
